GCHQ releases ‘Cryptoy' app to recruit tomorrow’s spies

The UK’s Government Communications Headquarters (GCHQ), which may have used the Regin malware, has released a far less menacing app that teaches students how to make and break secrets.

If you’re student with a yearning to join the world of cyber-espionage, the UK’s spy agency GCHQ may have the app for you.

GCHQ on Monday released a ‘fun and educational' Android app “Cryptoy” on Google Play, which it hopes will help secondary school students “understand basic encryption techniques, learn about their history and then have a go at creating their own encoded messages.”

The app lets users test four key ciphers developed over the centuries, including Shift, used by Julius Caesar over 2000 years ago; a substitution cipher used by Mary, Queen of Scots in the 16th century; Vigenère, a cipher developed in the 16th century and used during the American Civil War; and Enigma, the cipher employed by Nazi Germany in World War II.

Users make their own messages with any of the four techniques and can share them with friends on social media to test whether they can decrypt the message.

While each of the techniques are broken, they nonetheless teach the fundamentals of encryption and help students develop the “mindset” that cryptographers need, according to GCHQ.

The UK government hopes the app will inspire more students to take up Science, Technology, Engineering and Maths and ultimately help it find tomorrow’s recruits.

“Famously, the government recruited winners of a Daily Telegraph cryptic crossword competition to work at Bletchley Park. Today, I’m pleased to announce a similarly creative solution in the hunt for expertise, but with a 21st century spin,” said UK Cyber Security Strategy, Minister for the Cabinet Office Francis Maude MP.

Should any of the students go on to a career as a cryptographer, depending on where they live and who they work for, they may find themselves on the receiving end of GCHQ's more secretive projects.

Rather than providing educational apps, the GHCQ has been in headlines as the chief partner to the US National Security’s (NSA) global surveillance efforts.

GCHQ’s suspected involvement in an attack on Belgian telecoms provider Belgacom was in the spotlight again after security researchers revealed details of the highly sophisticated Regin malware last month.

Belgacom, which provides services European Commission and European Parliament, in 2013 disclosed it had discovered sophisticated malware on some of its internal systems. The NSA and GCHQ had used spoofed LinkedIn and Slashdot pages to target Belgacom engineers, according to documents leaked by former NSA contractor Edward Snowden. One of the people targeted in that campaign included the Belgian cryptographer Jean-Jacques Quisquater.

Users of the Cryptoy however needn’t worry about potential threats to their own privacy from the app, which does not have any permissions to use features such as a microphone or make phone calls, and won’t access personal data, according to GCHQ.

The app was developed by students on an industrial year placement at GCHQ and was created to demonstrate encryption techniques at the Cheltenham Science Festival. According to GCHQ, it decided to make the app publicly available after receiving interest from teachers who wanted to use it.

The app is currently only available for Android tablets however GCHQ hopes to release the app for iPads next year.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join CSO for the day@#csoperspectives and hear from @kimzetter @frankheidt @simplenomad Register today

Join the CSO newsletter!

Error: Please check your email address.

Tags CryptoyslashdotBelgian cryptographer Jean-Jacques QuisquaterUK’s Government Communications Headquarters (GCHQ)UK Cyber Security StrategyLinkedInmalwareGCHQCSO AustraliaEnex TestLabUK’s GovernmentGoogle PlayBelgacomandroid appcyber-espionage

More about CSOEnex TestLabEnigmaEuropean CommissionEuropean ParliamentGCHQGoogleNSATechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place